A few days ago I began logging all of FF from 3 to 9. A lot of 9 still coming in. I'll check the other versions in a week or so.
After reading the OP I decided to block FF/3.0* - I don't think that has been legit for a long time.
I also checked my "security logs" for windows firefox/3.6 and found several legit accesses, so windows users are still using FF/3.6.
Since there was a major security hole in the latest version of FF/10.0.1 (updated today to 10.0.2) there are a lot of potential victims out there, a large number of whom probably contribute to the botnets that hit our sites.